This POODLE bites: exploiting the SSL 3.0 fallback

Tuesday, October 14th, 2014

Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers). SSL 3.0 is nearly 15 years old, ...

Test Your Anti-Malware Solution

Sunday, October 12th, 2014

The wicar.org website was designed to test the correct operation of your anti-virus / anti-malware software. The following table contains static HTML pages with known malicious content, based on the Metasploit Framework. The exploits contain a non-malicious payload which under Windows will execute 'calc.exe', the in-built calculator (if your browser is ...

Bug in Bash shell creates big security hole on anything with *nix in it

Wednesday, September 24th, 2014

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called ...

Android bug allowing SOP bypass a ‘privacy disaster,’ researcher warns

Wednesday, September 17th, 2014

Researchers are warning Android users of a major vulnerability that impacts a vital browser security mechanism called Same-Origin Policy (SOP). The bug – called a “privacy disaster” by Tod Beardsley, an engineering manager at Rapid7 who blogged about the issue Monday – is serious because SOP, “the cornerstone of web privacy,” ...

Microsoft increases IE security, starts blocking old ActiveX controls

Wednesday, August 6th, 2014

As part of Microsoft's ongoing effort to improve the security of its Internet Explorer browser, the company has started blocking outdated ActiveX plugins from being enabled. ActiveX controls have been a feature of Internet Explorer for a very long time and help in enabling interactive content through the browser. Most third-party plugins such ...